- What is Phishing?
- How does phishing happen?
- How to identify a Phishing attempt?
- Examples Of Phishing E-mails
- How to avoid Phishing?
- How to report a phishing attempt?
- What should you do if you have entered data on a fraudulent link?
- What should you do if your money has been fraudulently transferred through phishing?
What is Phishing?
Phishing is a global problem faced by Banks worldwide. It is an attempt to 'fish' for your banking details. A phishing attempt could be an e-mail that appears to be from a known institution such as a bank or a popular website.
Please note that Banks will never ask for confidential data like login and transaction passwords, One Time Password (OTP), Unique Reference No. (URN), etc.
How does phishing happen?
- Phishers set up a replica page of a known financial institution or a popular shopping website
- Bulk e-mails are sent to users asking for their personal data like account details, passwords, etc.
- When the user clicks on the link, the replica of the website opens. Alternatively, while the user is online, a form appears through an "in-session pop-up"
- When the user submits the data, it goes to the phishers, after which the user is redirected to the genuine website
Phishers use a combination of email phishing, vishing (voice phishing) and smishing (SMS phishing) to get customer details like account no., login ID, login and transaction password, mobile no., address, debit card grid values, credit card no., CVV no., PAN, date of birth, mother's maiden name, passport no., etc.
For funds transfer through internet banking, the user needs to add a payee and confirm the registration, using the Unique Reference No. (URN) that is received on the registered mobile no.
Phishers send out an SMS informing users that they will receive an SMS with the URN, and that the URN must be given to the bank employee who will call them. Meanwhile, the phisher adds a payee in the user's account. The user receives the URN from the bank to confirm the registration of the payee. The phisher, posing as a bank employee, contacts the user for the URN. The user does not suspect the caller and gives out the URN, which is misused.
The phisher calls phone banking posing as the customer to request a mobile no. change. He then adds a payee for funds transfer. The URN and account transaction details are received on the updated mobile no. and misused. Sporadic incidents have also been reported where phishers get a duplicate SIM issued by the mobile service provider to receive the URN and OTP directly.
Customers ignore intimations about the mobile no. change, dismissing them as Bank errors.
The phisher calls phone banking posing as the customer to request an address change. He then reports the loss of the card and requests a fresh card, which reaches the new address and is misused.
Customers ignore intimations about change in account details.
The phisher collects the 3D Secure password through sophisticated technology and vishing to shop online.
Phishers approach customers at offices / residences to fill in survey questionnaires and offer gifts in exchange. These forms contain questions on confidential data.
Banks and regulatory bodies like Reserve Bank of India (RBI), Income Tax (I.T.) Dept. are raising awareness about phishing. Phishers now send e-mails resembling those from Yahoo / rediffmail, shopping sites or regulatory bodies like RBI / I.T. Dept., asking for confidential data.
Phishers send e-mails with attachments that carry a virus / Trojan. The keyed-in data is captured by the malware and transmitted to the phishers.
How to identify a Phishing attempt?
- Unsolicited emails, calls from strangers or websites asking for confidential banking details
- Messages asking for urgent action due to security reasons
- Links received in emails to access known websites
- To check the actual website, roll the cursor over the link or check for https:// where "s" stands for 'secure site'
Examples Of Phishing E-mails
How to avoid Phishing?
- Do not open spam mails. Be especially cautious of e-mails that:
  - Come from unrecognized senders.
  - Ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
  - Are not personalised.
  - Try to upset you into acting quickly by threatening you with frightening information.
- Do not click on links, download files or open attachments in e-mails from unknown senders. Be cautious even if the e-mail appears to come from an enterprise you do business with. If the e-mail is unexpected, it is good practice to call the enterprise concerned to confirm.
- Communicate personal information only via secure web sites. In fact:
  - When conducting online transactions, look for a sign that the site is secure, such as a lock icon on the browser's status bar or an "https:" URL rather than "http:", where the "s" stands for "secure".
  - Also, check if the website address is correct before conducting online transactions.
- Protect your computer by installing effective anti-virus / anti-spyware / personal firewall on your computer / mobile phone and update it regularly.
- Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.
- Do not disclose details like passwords, debit card grid values, etc. to anyone, even if they claim to be bank employees, or in response to e-mails / links that appear to come from government bodies like RBI, I.T. Dept., etc.
- Type the web address in the browser. Do not use links received in e-mails.
- In case you have used a cyber cafe / shared computer, change your passwords from your own computer.
- Register for e-mail and mobile alerts to check your account regularly.
- Report any fraudulent incident to the Bank / institution on the number mentioned on the Debit / Credit card, bank / credit card statement or official website.
How to report a phishing attempt?
- Forward the original e-mail to us at
- Report the incident with the caller's no., date and time of call, etc. at our 24-hour Customer Care
What should you do if you have entered data on a fraudulent link?
- Change the passwords immediately
- Report the incident at our 24-hour Customer Care
What should you do if your money has been fraudulently transferred through phishing?
- Inform the bank immediately